CS212 Summer 2003
Security
7/20/03

Source: Network Security: Private Communication in a Public World
        by Kaufman, Perlman, Speciner
----------------------------------------------------------------------
0) Announcements
   + Part 2 due today
   + Part 3 assignment out by tomorrow
   + due date after final?
----------------------------------------------------------------------
1) Intro
   + Cryptography: Comes from the Greek, meaning hidden or secret
     writing. Cryptography is the practice and study of encoding data
     so that it can only be decoded by specific individuals. It usually
     involves an algorithm that combines a message with one or more
     keys to produce an encrypted version of the message
   + Cryptosystem: A system for encrypting and decrypting data
   + Functions of cryptography include:
     - Obscuring the contents of a message so only intended people can
       read it
     - Authentication: checking the source of a message (a person,
       system)
     - Integrity checking: making sure a message has not been altered
       in transit.
   + PLAINTEXT AND CIPHERTEXT
     - Plaintext: text in its normal form, readable by anyone
     - Ciphertext: text in its encrypted form. Must be decrypted to be
       read
     - A message starts as plaintext, is encrypted to ciphertext, and
       then decrypted back to plaintext
   + COMPUTATIONAL DIFFICULTY
     - Cryptographic algorithms use keys to encrypt/decrypt messages
     - A person can crack a code by simply trying all keys
     - Algorithm should be relatively fast for people with keys, and
       slow for people without (they have to try many many keys)
     - can make even slower by making more keys (increasing key length)
     - ex) combo lock has 40 positions, takes 10 secs to dial in 3
       numbers
       - a bad guy must try all combos: at 10 secs each, takes a week
       - to make more secure, make the key be 4 numbers instead of 3.
         Now it could take 13 secs to dial the 4 numbers
       - bad guy has 40 times more combos: takes a year to try all!
   + KEEP ALGORITHM SECRET?
     - Should the algorithm be secret, or not?
     - If secret, some argue that it makes the algorithm more secure
       and makes work for cryptanalysts harder
     - If public, others argue that more people can look at the
       algorithm and find bugs, thus enhancing the algorithm's security
       - also, bad guys will probably find out what the algorithm is
         eventually, even if it is secret. Can reverse engineer it.
       - publication provides much free consulting from academic
         community
     - today: commercial systems usually use public algs, military uses
       secret algs (probably to prevent enemies from using our systems
       instead of to prevent them from reading our messages)

Additional Source: www.dictionary.com
----------------------------------------------------------------------
2) Simple Cryptosystems - SEE INTERNET
   + CAESAR CIPHER
     - replace each letter in the message with the letter 3 ahead of it
     - HELLO becomes KHOOR
     - Decode by doing the reverse
     - example of depending on the secrecy of the algorithm, not the key
   + Security by Obfuscation: hiding the message/resource you want to
     keep secure, in the hopes that no one finds it (bad!)
   + CAPTAIN MIDNIGHT SECRET DECODER RINGS
     - These were distributed with Ovaltine and used a cipher similar
       to the Caesar cipher
     - shift alphabet by n letters, where n = 1 to 25
     - Caesar cipher is n = 3
     - Still, if you know the "algorithm" you can fairly easily crack
       the code. Only 25 possibilities to try
   + MONOALPHABETIC SUBSTITUTION CIPHER
     - arbitrary mapping of letters
     - 26! possible pairings of letters (approx. 4 * 10^26)
     - if it took 1 microsecond to try a pair, it would take 10
       trillion years to try all...
       too slow
     - Crack using frequency distribution of letters in English alphabet
       - Each letter in English text has a known frequency
       - Can guess letter pairings based on frequencies
     - two applications of this cipher do not increase the strength of
       the system, as the product of two substitutions is another
       substitution
   + POLYALPHABETIC SUBSTITUTION CIPHER
     - uses more than one replacement scheme
     - not susceptible to frequency analysis, as above
     - use different mappings for each position in the message
     - use a Vigenere Table, which is the alphabet written 26 times.
       Each time, the alphabet starts at the next successive letter
     - First, pick a key. The key represents rows in the Vigenere Table
     - To encode, replace the first letter by the letter in the first
       row designated by the key
     - then encode the 2nd letter with the 2nd row, 3rd letter with 3rd
       row, etc. Cycle back to first row when necessary
     - How to crack? Once you know key length (n), you can subdivide
       the problem into n monoalphabetic substitution cipher problems
       1) Determine key length
       2) Break ciphertext into n pieces, one per permutation
       3) Solve each monoalphabetic substitution using frequency
          analysis
     - To determine key length, we look for patterns in the ciphertext.
       For example, the letters "th" appear often in English; if 't'
       and 'h' are substituted using permutations 1 and 2 respectively,
       we can look for those repeated patterns
       1) Identify repeated patterns of 3 or more letters
       2) For each pattern, write down starting position of all
          instances of pattern
       3) Compute differences b/n starting positions of successive
          instances
       4) Determine all factors of the differences
       5) Key length will be one of the factors that appears often
   + CRYPTANALYTIC ATTACKS
     1) CIPHERTEXT ONLY
        - attacker only has access to ciphertext
        - can crack by trying all keys
        - can sometimes crack by getting password (Kerberos computes
          DES key with user's password)
     2) KNOWN PLAINTEXT
        - attacker has access to ciphertext and some plaintext that
          goes with it. How? Some info (like next city to attack) won't
          remain secret forever
        - known plaintext in monoalphabetic cipher would be a great help
     3) CHOSEN PLAINTEXT
        - attacker can get plaintext encrypted (he can choose plaintext
          to get encrypted), and use that to crack system
        - If attacker knew the system used a monoalphabetic cipher, he
          could send a message using all letters of the alphabet
   + TRANSPOSITION CIPHER
     - Can "spread out" information better than the polyalphabetic
       cipher
     - write out the message in a transposition matrix of M x N
       dimensions
     - ciphertext is simply columns written out successively
     - ex) THIS IS A MESSAGE WE WILL ENCRYPT

           THIS IS A M     11x3 matrix
           ESSAGE WE W
           ILL ENCRYPT

           ciphertext: TEIHSLISLSA  GEIENS C WRAEY  PMWT
     - to crack, need to know the matrix dimensions
   + PERFECT SUBSTITUTION CIPHER
     - most systems in existence only provide computational security
       - takes advantage of limited processing power
       - can always launch brute-force attack with enough computing
         power
     - what properties would a perfect substitution cipher have?
       - cannot launch brute-force attack against it
       - knowledge of ciphertext doesn't help in decoding
     - can be accomplished using a one-time pad, a series of random
       bits as long as the message
       - encoding: sequence (the key) XORed with message
       - decoding: (key XOR msg) XOR key = msg
   + DESIRABLE ENCRYPTION SCHEME CHARACTERISTICS
     - CONFUSION - attacker should not be able to predict the effect on
       the ciphertext of changing one character of plaintext
     - DIFFUSION - change in plaintext should affect multiple parts of
       ciphertext (unlike substitution)

Additional Sources: http://hem.passagen.se/tan01/poly.html
                    https://www.cs.cornell.edu/Courses/cs513/2002sp/L23.html
----------------------------------------------------------------------
3) Types of Cryptosystems
   + TYPES OF CRYPTOGRAPHIC FUNCTIONS
     - secret key (symmetric) - involves 1 key
     - public key (asymmetric) - involves 2 keys
     - hash functions (message digest) - involves 0 keys
   + HASH FUNCTIONS
     - involves no keys
     - takes arbitrary-length message and computes fixed-length number
     - IMPORTANT PROPERTIES
       - relatively easy to compute h(m)
       - given h(m), no way to find an m that hashes to h(m) faster
         than just going through all possible values of m and hashing
       - computationally infeasible to find two values that hash to
         same #
     - hash functions are good for hiding the actual contents of a
       message but still providing a way to check if two messages are
       the same (just check if the hashes are the same)
     - uses: saving passwords, message integrity
     - PASSWORD SAVING
       - instead of saving password for each user, save the hash of the
         password. When user enters password, hash and compare. This
         prevents attacker from gaining access to actual passwords.
     - MESSAGE INTEGRITY
       - Alice and Bob want to communicate and check message integrity
       - Alice and Bob agree on password, append to message
       - Alice sends message along with h(msg + password)
       - Bob computes h(msg + password), compares with value Alice sent
   + SECRET KEY CRYPTOGRAPHY
     - involves only 1 key (the SECRET key)
     - use the same algorithm and key to encrypt and decrypt message
     - can be used for secure transmissions, secure storage of data,
       authentication, and integrity checking
     - encryption: E(key, message) --> ciphertext
     - decryption: D(key, ciphertext) --> message
     - secure transmission and storage use the scheme above
     - AUTHENTICATION (checking the source)

          A                                      B
            -------------- rA ------------------>
            <------- rA encrypted with K-AB -----
            <------------- rB -------------------
            -------- rB encrypted with K-AB ---->

       - rA and rB are random numbers created by Alice and Bob,
         respectively
       - Each person checks if the other can properly encrypt the
         random number they create. If so, they must have the key and
         can be trusted to be who they are
     - INTEGRITY CHECKING (making sure the msg wasn't altered)
       - algorithm that computes the checksum and then encrypts it with
         the key
       - if an attacker alters the message, he would need to compute
         the new secret checksum, which is nearly impossible without
         the key (a guess would certainly fail)
       - receiver computes checksum of message and compares with
         checksum computed by sender
   + PUBLIC KEY CRYPTOGRAPHY
     - uses two keys (PUBLIC and PRIVATE keys)
       - public key used for encryption
       - private key used for decryption
     - only one person knows the private key. Anyone in the world can
       know the public key.
       - anyone can encrypt, only owner of private key can decrypt
     - Uses: secure transmission, secure storage, authentication,
       digital signatures
     - AUTHENTICATION: (rA is random number, eB and dB are Bob's public
       and private keys)

          A                                      B
            -------- rA encrypted with eB ------>
            <------- rA decrypted with dB -------

     - DIGITAL SIGNATURES
       - person can "sign" a message, proving who wrote it
       - here PRIVATE key used for encryption, PUBLIC key used for
         decryption
       - thus, only one person can encrypt, but anyone can decrypt and
         read
       - to sign:
         1) compute hash of message (a fixed-length number): h(m)
         2) encrypt h(m) using private key, and add it to the message
         3) anyone can check signature by decrypting h(m) using public
            key, and checking if h(m) from the signature matches the
            h(m) they compute on their own
   + HYBRID CRYPTO
     - use asymmetric algorithms for key management
     - use symmetric algorithms for encryption
     - takes advantage of the speed of symmetric algorithms and the
       ease-of-use (in terms of keys) of asymmetric algorithms
     - STEPS
       1) Alice wants to talk to Bob. She first creates a secret key
          called the session key (secret key = symmetric crypto)
       2) Alice encrypts the session key with Bob's public key and
          sends it to Bob
       3) Bob decodes the session key with his private key
       4) The two may now use that session key to communicate

Source: https://www.cs.cornell.edu/Courses/cs513/2002sp/L23a.html
        www.rootshell.be/~dhar/downloads/intro2crypto.ppt
----------------------------------------------------------------------
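
Added example (not part of the original notes): the five key-length steps
listed under POLYALPHABETIC SUBSTITUTION CIPHER in section 2, run on a
constructed message. The key LEMON, the message and all function names
are assumptions made for this illustration.

```python
from collections import Counter, defaultdict
from itertools import cycle

def vigenere_encrypt(plaintext, key):
    """Encode letter i with the table row named by key letter i (cycling)."""
    letters = [c for c in plaintext.upper() if "A" <= c <= "Z"]
    return "".join(chr((ord(p) + ord(k) - 130) % 26 + 65)
                   for p, k in zip(letters, cycle(key.upper())))

def repeated_patterns(ciphertext, length=3):
    """Steps 1-2: each pattern seen more than once, with its start positions."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        positions[ciphertext[i:i + length]].append(i)
    return {p: where for p, where in positions.items() if len(where) > 1}

def factor_counts(ciphertext, length=3):
    """Steps 3-4: factor the gaps between successive instances, tally factors."""
    counts = Counter()
    for where in repeated_patterns(ciphertext, length).values():
        for first, second in zip(where, where[1:]):
            gap = second - first
            counts.update(f for f in range(2, gap + 1) if gap % f == 0)
    return counts

def likely_key_lengths(ciphertext, top=3):
    """Step 5: the factors that appear most often, best candidate first."""
    return [f for f, _ in factor_counts(ciphertext).most_common(top)]

def split_by_key_position(ciphertext, n):
    """Piece i holds the letters encoded with permutation i; each piece is
    then a monoalphabetic problem for frequency analysis."""
    return [ciphertext[i::n] for i in range(n)]

# Constructed sample: key and message are made up for this example.
KEY = "LEMON"
MESSAGE = "ATTACK AT DAWN NOW ATTACK AT DAWN FROM EAST ATTACK AT DAWN OVER"
CIPHERTEXT = vigenere_encrypt(MESSAGE, KEY)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(repeated_patterns(CIPHERTEXT))
    print(likely_key_lengths(CIPHERTEXT))
```

The repeated phrase lands on the same key letters each time, so every gap
(15 and 20) is a multiple of the key length and 5 is the only factor
common to all of them.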
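
Added example (not part of the original notes): PASSWORD SAVING from
section 3, with the plain h(password) scheme beside a salted, slow hash
as a defender would store it today. PBKDF2-HMAC-SHA256, the iteration
count and the sample accounts are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumption: work factor picked for this example

def plain_hash(password):
    """What the notes describe: store h(password), here with SHA-256."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password):
    """Salted, deliberately slow hash: (salt, iterations, derived key)."""
    salt = os.urandom(16)            # fresh random salt per user
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, ITERATIONS, derived

def check_password(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    salt, iterations, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)

def build_store(accounts):
    """Password table holding only salted records, never the passwords."""
    return {user: make_record(password) for user, password in accounts.items()}

# Constructed sample accounts: two users who happen to pick the same password.
ACCOUNTS = {"alice": "tr0ub4dor&3", "bob": "tr0ub4dor&3"}

if __name__ == "__main__":
    store = build_store(ACCOUNTS)
    # Plain hashes are identical, so the table reveals the shared password.
    print(plain_hash(ACCOUNTS["alice"]) == plain_hash(ACCOUNTS["bob"]))
    # Salted records differ even though the passwords are the same.
    print(store["alice"][2] == store["bob"][2])
    print(check_password("tr0ub4dor&3", store["alice"]))
    print(check_password("wrong guess", store["alice"]))
```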
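
Added example (not part of the original notes): the MESSAGE INTEGRITY
exchange from section 3, comparing an unkeyed hash, the notes'
h(msg + password), and HMAC, which is the standard keyed-hash
construction for the same job. SHA-256 as h, the sample message and
password, and all function names are assumptions made for this
illustration.

```python
import hashlib
import hmac

SHARED_PASSWORD = b"correct horse battery staple"   # constructed sample secret

def unkeyed_tag(message, _secret=b""):
    """Plain h(msg): anyone who alters msg can recompute it."""
    return hashlib.sha256(message).digest()

def notes_tag(message, password):
    """The scheme in the notes, h(msg + password), with SHA-256 as h."""
    return hashlib.sha256(message + password).digest()

def hmac_tag(message, key):
    """HMAC-SHA256: keyed hash from the standard library."""
    return hmac.new(key, message, hashlib.sha256).digest()

def bob_accepts(message, tag, tag_fn, secret):
    """Bob recomputes the tag and compares without leaking timing."""
    return hmac.compare_digest(tag_fn(message, secret), tag)

def altered_in_transit(message, tag_fn):
    """Someone without the password changes msg and re-tags with a guess."""
    changed = message.replace(b"100", b"900")
    return changed, tag_fn(changed, b"wrong-guess")

def run(tag_fn):
    """Return (honest delivery accepted, altered delivery accepted)."""
    msg = b"transfer 100 to account 42"          # constructed sample message
    tag = tag_fn(msg, SHARED_PASSWORD)           # Alice sends msg + tag
    honest = bob_accepts(msg, tag, tag_fn, SHARED_PASSWORD)
    changed, new_tag = altered_in_transit(msg, tag_fn)
    altered = bob_accepts(changed, new_tag, tag_fn, SHARED_PASSWORD)
    return honest, altered

if __name__ == "__main__":
    for fn in (unkeyed_tag, notes_tag, hmac_tag):
        print(fn.__name__, run(fn))
```

Only the unkeyed hash lets the altered message through; both keyed
variants reject it because the tag cannot be recomputed without the
shared secret.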